Description
A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device by sending a malformed HTTP request.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: Low
Affected products
- Schneider Electric / Sage 1410 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 1430 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 1450 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 2400 – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 3030 Magnum – Versions C3414-500-S02K5_P8 and prior
- Schneider Electric / Sage 4400 – Versions C3414-500-S02K5_P8 and prior